
Q: how ban?

A: Goal: Brute force mitigation. Simple IP based ban after misbehaviour for now.

429 Too Many Requests https://tools.ietf.org/html/rfc6585#section-4
Retry-After: https://tools.ietf.org/html/rfc2616/#section-14.37
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Retry-After
